using-git-worktrees
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill frequently executes shell commands to manipulate the filesystem, manage git worktrees, and modify
.gitignorefiles. Use of shell variables in paths (e.g.,$LOCATION/$BRANCH_NAME) without explicit sanitization poses a risk if project names or branch names are maliciously crafted. - [REMOTE_CODE_EXECUTION] (MEDIUM): Automatically triggers project setup and tests using commands like
npm install,pip install,npm test, andpytest. These tools are designed to execute code defined within the repository being worked on (e.g., pre-install hooks or test logic), which can be exploited if the agent is working on an untrusted or compromised codebase. - [EXTERNAL_DOWNLOADS] (MEDIUM): Uses package managers to fetch external dependencies from public registries (NPM, PyPI, etc.). While the registries themselves are standard, the specific packages and versions are determined by the configuration files in the repository, which could be controlled by an attacker.
- [INDIRECT_PROMPT_INJECTION] (LOW):
- Ingestion points: Reads and parses
CLAUDE.mdto extract directory preferences. - Boundary markers: Absent; the skill directly searches file content for configuration instructions.
- Capability inventory: Significant capability to execute shell commands, install software, and run tests.
- Sanitization: None; the extracted configuration from
CLAUDE.mdis used to determine execution paths.
Audit Metadata